[jira] [Assigned] (KARAF-6654) Remote JMX connection not working with security manager

Tue, 23 Mar 2021 15:10:12 -0700 


     [ 
https://issues.apache.org/jira/browse/KARAF-6654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Freeman Yue Fang reassigned KARAF-6654:
---------------------------------------

    Assignee: Freeman Yue Fang

> Remote JMX connection not working with security manager
> -------------------------------------------------------
>
>                 Key: KARAF-6654
>                 URL: https://issues.apache.org/jira/browse/KARAF-6654
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.2.8
>         Environment: Karaf version 4.2.8
>            Reporter: Blen Desta
>            Assignee: Freeman Yue Fang
>            Priority: Major
>              Labels: JMX, SecurityManager, jmx
>
> We're unable to connect to remote JMX with security manager enabled.
>  
> Steps to reproduce:
>  * On Karaf 4.2.8, turn on the security manager by adding 
>  {{-Djava.security.manager}} and
>  {{-Djava.security.policy==${KARAF_HOME}/etc/all.policy}}
>  to the karaf script.
>  * Using jconsole with debug logging, connect to the remote JMX using 
> {{service:jmx:rmi:///jndi/rmi://localhost:1099/karaf-root}} and karaf/karaf 
> as the username and password. Choose {{Insecure connection}}
> The connection will fail and you will get the following in the logs.
> Note: {{all.policy}} grants access to everything.
> {code:java}
> java.security.AccessControlException: access denied 
> ("javax.security.auth.AuthPermission" "getSubject")
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:886)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at javax.security.auth.Subject.getSubject(Subject.java:287)
>       at 
> org.apache.felix.eventadmin.impl.handler.EventAdminImpl.prepareEvent(EventAdminImpl.java:146)
>       at 
> org.apache.felix.eventadmin.impl.handler.EventAdminImpl.postEvent(EventAdminImpl.java:180)
>       at 
> org.apache.felix.eventadmin.impl.security.EventAdminSecurityDecorator.postEvent(EventAdminSecurityDecorator.java:79)
>       at 
> org.apache.karaf.management.internal.EventAdminLoggerImpl.log(EventAdminLoggerImpl.java:56)
>       at 
> org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.log(EventAdminMBeanServerWrapper.java:143)
>       at 
> org.apache.karaf.management.internal.EventAdminMBeanServerWrapper.getClassLoaderRepository(EventAdminMBeanServerWrapper.java:641)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:498)
>       at 
> org.apache.karaf.management.internal.MBeanInvocationHandler.invoke(MBeanInvocationHandler.java:60)
>       at com.sun.proxy.$Proxy19.getClassLoaderRepository(Unknown Source)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:137)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl$1.run(RMIConnectionImpl.java:135)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> javax.management.remote.rmi.RMIConnectionImpl.<init>(RMIConnectionImpl.java:134)
>       at 
> javax.management.remote.rmi.RMIJRMPServerImpl.makeClient(RMIJRMPServerImpl.java:207)
>       at 
> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:250)
>       at 
> javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:498)
>       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
>       at sun.rmi.transport.Transport$1.run(Transport.java:200)
>       at sun.rmi.transport.Transport$1.run(Transport.java:197)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
>       at 
> sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:573)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:834)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:688)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:687)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>       at java.lang.Thread.run(Thread.java:748)
>       at 
> sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:303)
>       at 
> sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:279)
>       at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
>       at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown 
> Source)
>       at 
> javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430)
>       at 
> javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
>       at 
> javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
>       at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:370)
>       at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
>       at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:294)
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to